To add, modify, or remove access control instructions (ACIs), submit a request through the service request form, accessible from the Support & Community page.
Global ACIs are a set of ACIs that can apply to entries anywhere in the server, although they can also be scoped so that they only apply to a specific set of entries. These ACIs work in conjunction with access control rules stored in user data and provide a convenient way to define ACIs that span disparate portions of the DIT (Directory Information Tree).
You can apply Global ACIs to administrator access, anonymous and authenticated access, delegated access to a manager or for proxy authorization. Access control components, descriptions, and they syntax used for each component, is listed in the following table:
Access Control Components | Description | Syntax |
---|---|---|
targets | Specifies the set of entries and/or attributes to which an access control rule applies. | Syntax: (target keyword = || != expression) |
name | Specifies the name of the ACI. | |
permissions | Specifies the type of operations to which an access control rule might apply. | Syntax: allow||deny (permission) |
bind rules | Specifies the criteria that indicate whether an access control rule should apply to a given requestor. | Syntax: bind rule keyword = ||!=
expression; The bind rule syntax requires that it be terminated with a ";". |
For additional information, refer to Global ACIs in the PingDirectory Server Administration Guide.